mirror of
https://github.com/github/codeql.git
synced 2025-12-16 16:53:25 +01:00
Now that change notes are per-package, new change notes should be created in the `change-notes` folder under the affected pack (e.g., `cpp/ql/src/change-notes` for C++ query change notes). I've moved all of the change note files that were added before we started publishing them in packs to an `old-change-notes` directory under each language, to reduce the temptation to add new change notes there. I'm working on a document to describe how and when to create change notes for packs separately.
478 B
lgtm,codescanning
- The security queries now distinguish more clearly between different parts of `window.location`. When the taint source of an alert is based on `window.location`, the source will usually occur closer to where user-controlled data is obtained, such as at `location.hash`.
- `js/request-forgery` no longer considers client-side path parameters to be a source due to the restricted character set usable in a path, resulting in fewer false-positive results.